
Advances in mobile technologies have introduced a number of new benefits to the enterprise, allowing employees to be more flexible and access mission-critical applications and solutions from virtually anywhere. On the flip side, the rapid evolution of the mobile landscape has introduced a significant number of security issues that many developers and companies were not prepared for.
The latter sentiment was echoed in a new study by Arxan Technologies, which revealed that more than 90 percent of the top 100 paid mobile applications have been compromised by hacking.
"We envision a thriving app economy with freedom and confidence to innovate and distribute new apps," said Jukka Alanen, vice president at Arxan Technologies and author of the report. "However, this potential is being threatened by hackers and most enterprises, security teams and app developers are not prepared for these attacks."
Threats are lurking in the midst of abundant mobile applications
The proliferation of smartphones, tablets and other mobile devices in the enterprise has given way to an app-centric environment in which decision-makers and employees alike are obsessed with the use of next-generation solutions. Since nearly everyone wanted to get a piece of this market as quickly as possible, many developers ended up creating applications whose data security capabilities were not strong enough to withstand attacks, or that could easily be reverse engineered to exploit sensitive information, steal intellectual property or damage corporate reputations.
The study revealed that 92 percent of the top paid applications for iOS devices and 100 percent of the top Android apps have been hacked. Forty percent and 80 percent of popular free apps for iOS and Android, respectively, have also been hacked. These compromised solutions were not limited to certain industries, as they impacted a wide range of verticals, including gaming, financial services, entertainment, healthcare and business tools.
"The traditional approaches to application security such as secure software development practices and vulnerability scanning cannot address the new hacking patterns that we identified," Alanen said. "The findings call for new approaches for mobile app owners to build protections directly inside their apps to withstand these new attacks."
Arxan Technologies recommends companies make data protection on mobile applications a strategic priority, especially for solutions that deal with financial transactions, confidential information and sensitive intellectual property.
A separate report by TechRepublic confirmed the importance of deploying only protected mobile applications. IT departments should regularly test and certify apps with each platform the solutions are intended to be used on. Since this process can be expensive for each application and device combination, decision-makers should narrow the list of acceptable tools, making it easier to manage security during the consumerization of IT.
Companies also need to be adamant about regularly updating applications with their corresponding patches and upgrades, as these are intended to strengthen the solution's perimeters and make it less likely to fall victim to an attack, TechRepublic noted.
In addition to hacking, the BYOD (bring your own device) phenomenon introduces several potential vulnerabilities that could lead to the loss of important information. These concerns are often associated with the mismanagement and the loss of devices, TechRepublic said. Enterprises should have remote wiping capabilities in place should these situations ever occur, as this will allow IT departments to erase all sensitive data stored on the platform.
As the consumerization of IT continues to disrupt the enterprise, IT decision-makers need to be prepared for new, advanced dangers that may not have been around several years ago. The only way to survive the evolving threat landscape is to adapt.
Consumerization News from SimplySecurity.com by Trend Micro